Mika Ilmaranta:
> On 04/23/2014 02:19 PM, Wietse Venema wrote:
>
> > Clogging can be prevented with a global limit on the number of
> > address verification probes.
>
> I think that should be simulated somehow.
1) Given a global limit on the number of outstanding verification
requests that equals 1/4 of the capacity of the active queue.
2) Then 3/4 of the active queue remains available to deliver
non-verification requests, and consequently, verification requests
cannot "clog" up Postfix. When most bogus requests are for the same
domain, then that domain will suffer most of the delays. That is OK.
3) Excess verification requests tempfail immediately. Most addresses
will be unaffected because the verify cache proactively refreshes
active addresses. Only "unknown" or "inactive" addresses will be
affected. By default, inactive means no mail in 31 days, and "known
address" refresh happens after (at least) 7 days.
> Verification itself is not the problem, it will be done eventually, but
> all legitimate deliveries get delayed for hours when the queue is
> congested with verify probes.
The global limit eliminates this congestion. By your comment I
understand it would be OK to tempfail verify probes. In other words
the global limit is good enough to eliminate the congestion problem.
In an ideal world with unlimited budgets I could do some fine-grained
over-engineered solution that supports per-domain limits but the real
world is different.
> 2) I don't see how this would be any different for sender verify probes.
The number of sender domains is larger than your pool of recipient
domains, and therefore, tracking the sender domains would require
more memory.
Wietse
